Wireless Access

Hi!

Is there a simple way to take backup automatically of the controller using a script? We have scripts that take the config for our Cisco, our firewalls, etc.. But for the 650, I did try a few and it does not work. In SSH, this is rather complicated to push commands in script. Does a URL link is on the controller I could directly download the TAR, or something like that? 

Thx!

Shouldn't be overly difficult to script on the CLI.

What are the commands does your existing script use on the Cisco...  and which ones did you try on the Aruba... or are you saying you just tried to re-use canned scripts  as a starting point ?  If so, which ones ?

I would envision approaching with a 

- login

- enter enable mode

-turn off paging

- show run

-exit

Alternatively, you can explore enabling phone home feature if you are running AOS version like 6.1.3.4, A copy of the tech support log will be saved in Aruba phone home server.

Ok, I'm posting this just for other people to use. 

Caveats:  

- It's ugly.

- It's complicated.

- It works.

Things you will need:

- A linux server ready to receive the backups.

- (Optional) A subversion repository ready to go.

- A user that can log in on both your Aruba devices and your linux server. This might be an actual LDAP user, or just two local users with the same name and password.

- Successfully connected to all the Aruba controllers from the linux box, using that local user. (The script is not smart enough to understand when it asks if you want to add the host's key.)

- "expect" installed on your linux box.

- If using subversion, have already checked out the aruba folder, so that it's ready to have the svn commands run.

- A basic understanding of how linux, SSH, and shell scripting work, and subversion if you're using it. (Because I don't know how much time I'll have to help anyone troubleshoot this thing.)

So, without further ado, here's the script:   getaruba.sh

#!/usr/bin/env bash

#
# Modified script by Dan Scherck scherckd@evergreen.edu
# 
# Original author Gerrit Tamboer gerrit@gerrit-tamboer.net
#

#### SETTINGS ####

# What time is it? Dump the date to a variable.
datestamp=`/bin/date`

# Username and PW for scp. Wish we didn't have to hardcode this. Still trying to find a better way.
scp_username=LOCALUSERNAME
scp_pw=LOCALUSERPASSWORD

# Where should I put the data?
backupdir=/home/$scp_username/aruba
backupserver=192.168.5.5

# Define the needed tools by using the "which" command to find their full paths.
scp=`which scp`
expect=`which expect`
ssh=`which ssh`
svn=`which svn`
masterIP=192.168.99.2
local1IP=192.168.99.3
local2IP=192.168.99.4

#### SETTINGS END ####

# Make sure the repo is current.
$svn update $backupdir

# First, we do the backup commands. For some reason chaining this part screws up the rest of the expect if it takes too long, so it's run completely separately.

# The hostnames of the controllers are "Aruba-Master", "Aruba-Local1" and "Aruba-Local2". 
# This is important for the expect command to be able to recognize the prompt and send commands / passwords.

## Master controller flash backup.
$expect -c "
set timeout 10
spawn $ssh $scp_username@$masterIP
expect -re \"ssword.*\"
send \"$scp_pw\r\"
expect -re \"aster.*\"
send \"backup flash\r\"
expect -re \"aster.*\"
send \"exit\r\"
interact
"
## Local1 flash backup
$expect -c "
set timeout 10
spawn $ssh $scp_username@$local1IP
expect -re \"ssword.*\"
send \"$scp_pw\r\"
expect -re \"ocal.*\"
send \"backup flash\r\"
expect -re \"ocal.*\"
send \"exit\r\"
interact
"
## Local2 flash backup
$expect -c "
set timeout 10
spawn $ssh $scp_username@$local2IP
expect -re \"ssword.*\"
send \"$scp_pw\r\"
expect -re \"ocal.*\"
send \"backup flash\r\"
expect -re \"ocal.*\"
send \"exit\r\"
interact
"

# End Backup section.

# Start the actual copy operations.

# Aruba_Master
## This whole section is the expect command.
expect -c "
set timeout 10
spawn $ssh $scp_username@$masterIP
expect -re \"ssword.*\"
send \"$scp_pw\r\"
expect -re \"aster.*\"
send \"copy flash: default.cfg scp: $backupserver $scp_username /home/$scp_username/aruba/Aruba_Master.txt\r\"
expect -re \"ssword.*\"
send \"$scp_pw\r\"
expect -re \"aster.*\"
send \"export gap-db ap-database\r\"
expect -re \"aster.*\"
send \"copy flash: ap-database scp: $backupserver $scp_username /home/$scp_username/aruba/Aruba_Master_ap-database.txt\r\"
expect -re \"ssword.*\"
send \"$scp_pw\r\"
expect -re \"aster.*\"
send \"copy flash: flashbackup.tar.gz scp: $backupserver $scp_username aruba/Aruba_Master_flash_backup.tar.gz\r\"
expect -re \"ssword.*\"
send \"$scp_pw\r\"
expect -re \"aster.*\"
send \"exit\r\"
interact
"
# End the expect command.

# Aruba_Local1
# This whole section is the expect command.
expect -c "
set timeout 10
spawn $ssh $scp_username@$local1IP
expect -re \"ssword.*\"
send \"$scp_pw\r\"
expect -re \"ocal.*\"
send \"copy flash: default.cfg scp: $backupserver $scp_username /home/$scp_username/aruba/Aruba_Local1.txt\r\"
expect -re \"ssword.*\"
send \"$scp_pw\r\"
expect -re \"ocal.*\"
send \"copy flash: flashbackup.tar.gz scp: $backupserver $scp_username aruba/Aruba_Local1_flash_backup.tar.gz\r\"
expect -re \"ssword.*\"
send \"$scp_pw\r\"
expect -re \"ocal.*\"
send \"exit\r\"
interact
"
# End the expect command.

# This whole section is the expect command.
expect -c "
set timeout 10
spawn $ssh $scp_username@$local2IP
expect -re \"ssword.*\"
send \"$scp_pw\r\"
expect -re \"ocal.*\"
send \"copy flash: default.cfg scp: $backupserver $scp_username /home/$scp_username/aruba/Aruba_Local2.txt\r\"
expect -re \"ssword.*\"
send \"$scp_pw\r\"
expect -re \"ocal.*\"
send \"copy flash: flashbackup.tar.gz scp: $backupserver $scp_username aruba/Aruba_Local2_flash_backup.tar.gz\r\"
expect -re \"ssword.*\"
send \"$scp_pw\r\"
expect -re \"ocal.*\"
send \"exit\r\"
interact
"
# End the expect command.

		
# Now update and push the new configs to the subversion repo and do some logging.
# Some of the logging may be reduced once the script is working properly.
echo Now starting logging and commit to subversion.
echo $datestamp > /home/$scp_username/current.log
$svn add $backupdir/* >> /home/$scp_username/current.log
$svn status $backupdir > /home/$scp_username/changelist.txt
$svn commit -m "Automatic backup from script" $backupdir >> /home/$scp_username/current.log
echo Backup Operation Completed. >> /home/$scp_username/current.log
cat /home/$scp_username/current.log >> /home/$scp_username/backups.log

The full flash backup changes every time. Since it can be a bit large (our little college has a 12 meg backup file for the master), you can easily end up putting a lot of data into your subversion folder. May want to consider breaking up the flash backup from the rest of the backup, or reducing the frequency of backups if your config is not changing much.

For what it's worth we use Rancid.  It connects to the controller and grabs the config the first time and then tracks any changes after that. It would address the large config file and space issues mentioned.  With rancid it also emails us each time there is any config change to note any modifications.  It also includes a web interface to allow you to view the entire config and/or compare the configs on different days/times to see what is different.

FYI,

Ian

Yeah, I have used Rancid but it's a bit of overkill for what I needed. We're a mostly HP shop aside from the Arubas, and the HP management software (PCM+) automatically pulls and backs up the configs for most of the other network equipment.

Because, of course you must be replying to me since this is now entirely my thread. ;)

If you're running Airwave as well, Aruba has a script that will ssh to the controllers that the AMP is watching run a flash backup, scp it to the AMP as well as licenses and logs then tar and time stamp the backup.

Before I try to re-invent the wheel trying to get my airwave to backup my controllers... How do I run this script that is on the airwave?

Thanks!

I would suggest getting in touch with Airwave support and ask them for a controller back up script, may have to referance the Airwave engineer that wrote it, Ravi Mehra.

I will do that. Thanks!

Ravi here.  Thanks for promoting the script Chris!

The script and the documentation for using it is available at Use AirWave script to regularly back up Aruba controllers.  Feel free to reply back or PM me for any questions, comments, or feedback.

Check this out!

https://arubanetworkskb.secure.force.com/pkb/articles/HowTo/Use-AirWave-script-to-regularly-back-up-Aruba-controllers

Thanks! I will check it out, but is there a reason that the Airwave doesn't capture the controller configs natively? Or am I missing a step here somewhere? I am relatively new to using the Airwave... but being able to backup configurations in case of failure (which has happened to me a couple times already) seems to be a feature that is a must have.

If I am missing a button somewhere to at least capture the configs, can someone guide this poor lost soul to the light? :-)

Ric

AirWave certainly does capture the controller configuration natively.  AirWave calls this feature "auditing".  AirWave audits each controller's configuration daily and compares it against a reference configuration that is saved per AirWave group.  Devices that have differences between their running config and their group's reference config will show up as "mismatched" and the mismatches can be visually evaluated.  The group's reference configuration can be updated by importing configuration from a device in that group.  Then, If your device loses its configuration, you can place the device in manage mode on AirWave, and the reference configuration saved for the group will get pushed out to the device.  There are many more details in the user guide about how configuration management works in AirWave.  I'd suggest reading through that before placing devices in manage mode.

The script can work in tandem with the AirWave configuration management features.  Although the feature of backing up the configuration is redundant, some users may prefer to have the raw configuration files that the script provides.  Additionally, the script provides a configuration snapshot instead of AirWave's continuous audit.  Similar to how restore points work on a PC, a backup file generated at timestamp X can be used to restore the config from that time.  Keep in mind that the script rotates the backup files so only the last 5 backups are saved by default.